0608f245309cd5555269bfb0edda181b5b249ab0426751112a51d24b66878072 | Triage

Submit
Reports

Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

Static

static

3

559ab60716...6f.exe

windows7-x64

559ab60716...6f.exe

windows10-2004-x64

Sharing

General

Target

559ab607169f48179abd8c8b1d062d6f.bin
Size

17.4MB
Sample

240326-crp36sef5w
MD5

559ab607169f48179abd8c8b1d062d6f
SHA1

395c3c54d44906ed5029bc3734e02572d4127a43
SHA256

0608f245309cd5555269bfb0edda181b5b249ab0426751112a51d24b66878072
SHA512

9294385fa90e29353804d971cdaac6df2367cb74b79bedfe564113b437c6b920d686721871a8f510baa32812bc7d8d947ce17094c78908d6bac41582692d60ca
SSDEEP

393216:zEk4gf8FgP8AxYDX1+TtIiFGuvB5IjWqn6eclz1PyOX8WjD+da/:zwbFbX71QtIZS3ILn6ecnyheD+da/

Score

10^/10

evasion persistence pyinstaller spyware stealer

Static task

static1

2 signatures

Behavioral task

behavioral1

Sample

559ab607169f48179abd8c8b1d062d6f.exe

Resource

win7-20240221-en

evasion persistence pyinstaller

windows7-x64

12 signatures

150 seconds

Behavioral task

behavioral2

Sample

559ab607169f48179abd8c8b1d062d6f.exe

Resource

win10v2004-20240319-en

evasion persistence pyinstaller spyware stealer

windows10-2004-x64

18 signatures

150 seconds

Malware Config

Targets

- Target
  
  559ab607169f48179abd8c8b1d062d6f.bin
- Size
  
  17.4MB
- MD5
  
  559ab607169f48179abd8c8b1d062d6f
- SHA1
  
  395c3c54d44906ed5029bc3734e02572d4127a43
- SHA256
  
  0608f245309cd5555269bfb0edda181b5b249ab0426751112a51d24b66878072
- SHA512
  
  9294385fa90e29353804d971cdaac6df2367cb74b79bedfe564113b437c6b920d686721871a8f510baa32812bc7d8d947ce17094c78908d6bac41582692d60ca
- SSDEEP
  
  393216:zEk4gf8FgP8AxYDX1+TtIiFGuvB5IjWqn6eclz1PyOX8WjD+da/:zwbFbX71QtIZS3ILn6ecnyheD+da/
Score

10^/10

evasion persistence pyinstaller spyware stealer
- Modifies visiblity of hidden/system files in Explorer
  evasion
- Drops startup file
- Executes dropped EXE
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Adds Run key to start application
  persistence
- Legitimate hosting services abused for malware hosting/C2
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Scheduled Task/Job

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Scheduled Task/Job

Defense Evasion

Hide Artifacts

Hidden Files and Directories

Modify Registry

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

Process Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

behavioral1

evasionpersistencepyinstaller

behavioral2

evasionpersistencepyinstallerspywarestealer

© 2018-2025

Terms | Privacy